Welcome to SecureDrop’s documentation!

SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources.

User Guides

• Source Guide
  • What is SecureDrop?
  • Choosing the Right Location
  • Get Tor Browser
  • Choose Who to Submit To
  • Making Your First Submission
  • Continuing the Conversation
• Journalist Guide
  • Connecting to the Tor network in Tails
  • Updating Your Workstation
  • Connecting to the Journalist Interface
  • Daily Journalist Alerts About Submissions
  • Interacting With Sources
  • Moving Documents to the Secure Viewing Station
  • Working with Documents
  • Moving Documents to Your Everyday Workstation
  • Decrypting and Preparing to Publish
  • Deleting submissions and source accounts
• Admin Guide
  • Responsibilities
  • The Admin Interface
  • Server SSH Access
  • The securedrop-admin Utility
  • Frequently Asked Questions
• Passphrase Best Practices
  • General Best Practices
  • For Sources
  • For Journalists/Admins

Install SecureDrop

• Overview
  • Technical Summary
  • Infrastructure
  • Operation
• Glossary
  • Admin Workstation
  • Application Server
  • Export Device
  • Journalist
  • Journalist Alert Public Key
  • Journalist Interface
  • Journalist Workstation
  • Landing Page
  • Monitor Server
  • Onion Service
  • OSSEC Alert Public Key
  • Secure Viewing Station
  • Source
  • Source Interface
  • Submission Key
  • Transfer Device
  • Two-Factor Authentication
• Passphrases
  • Admin
  • Journalist
• Hardware
  • Hardware Overview
  • Advice for users on a tight budget
  • Required Hardware
  • Optional Hardware
  • Specific Hardware Recommendations
• Before You Begin
• Create Tails USBs
  • Install Tails
  • Enable Persistent Storage
• Set Up the Secure Viewing Station
  • Correct the System Time
• Set Up the Transfer Device and the Export Device
  • Choose media types and encryption
  • Decide how to manage encryption passphrases
  • Create USB Transfer Device
  • Create a USB Export Device
• Generate the Submission Key
  • Create the Key
  • Export the Submission Public Key
• Set up the Admin Workstation
  • Start Tails with Persistence Enabled
  • Download the SecureDrop repository
  • Create the Admin Passphrase Database
• Set Up the Network Firewall
  • Before You Begin
  • Initial Configuration
  • Disable DHCP on the LAN
  • SecureDrop Configuration
  • Tips for Setting Up pfSense Firewall Rules
  • Keeping pfSense up to Date
  • Abstract Firewall Rules
• Set Up the Servers
  • Pre-Install Steps
  • Install Ubuntu
  • Test Connectivity
  • Set Up SSH Keys
• Install SecureDrop
  • Install Prerequisites
  • Localization of the Source Interface and Journalist Interface
  • Configure the Installation
  • Install SecureDrop Servers
• Configure the Admin Workstation Post-Install and Create Backups
  • Auto-connect to the Authenticated Onion Services
  • Back Up the Workstations
• Create an Admin Account on the Journalist Interface
• Test the Installation
  • Test Connectivity
  • Sanity-Check the Installation
  • Test the Web Interfaces
• Onboard Journalists
  • Determine Access Protocol for the Secure Viewing Station
  • Create a Journalist Tails USB
  • Set Up Automatic Access to the Journalist Interface
  • Add an account on the Journalist Interface
  • Provision a personal Transfer Device and Export Device
  • Verify Journalist Setup

Deployment Best Practices

• Overview
• Landing Page
  • URL and Location
  • HTTPS Only (No Mixed Content)
  • Perfect Forward Secrecy
  • SSL Certificate Recommendations
  • Do Not Use Third-Party Analytics, Tracking, or Advertising
  • Do Not Hyperlink .onion Addresses
  • Avoid Direct Links to SecureDrop.org
  • Apply Security Headers
  • Additional Apache Configuration
  • Further Security Considerations
  • How to test your Landing Page using Tor Browser
  • Landing Page Content Suggestions
• Minimum requirements for the SecureDrop environment
• Whole Site Changes
  • Suggested
• Sample SecureDrop Privacy Policy
  • Collection of Information From Sources
  • Collection of Information About Journalists’ Use of SecureDrop
  • Data Security
  • Children Under 13
  • Changes to This Policy
  • Contact

Topic Guides

• Promoting Your SecureDrop Instance
  • Make a High Profile Announcement
  • Provide a Clear Link on Your Homepage
  • Provide Links at the Bottom of Your Articles
  • Create an Instructional Video on How to Access and Use Your SecureDrop
  • Regularly Share Your SecureDrop Landing Page on Social Media
  • Target Potential Whistleblowers with Advertising
  • Put an Advertisement in Your Physical Paper
• What Makes SecureDrop Unique
  • No Third Parties that Can Secretly be Subpoenaed
  • Limits the Metadata Trail as Much as Possible
  • Encrypted and Air-Gapped
  • Protects Against Hackers
  • Free and Open Source Software
• Investigating Logs
  • Logs to examine on both servers
  • Application Server Logs
  • Monitor Server Logs
• OSSEC Guide
  • Setting up OSSEC alerts
  • Troubleshooting
  • Analyzing the alerts
• Setting Up a Printer in Tails
  • Installing and Printing via the Tails GUI
  • Printing from the Command Line
• HTTPS on the Source Interface
  • Obtaining an HTTPS certificate for Onion URLs
  • Activating HTTPS in SecureDrop
• SSH Over Local Network
  • Configuring SSH for Local Access
• SecureDrop On-Site Training Schedule
  • Day 1: Preparation and Install
  • Day 2: Journalist and Admin Training
• Using a YubiKey with the Journalist Interface
  • What is a YubiKey?
  • Download and Launch the YubiKey Personalization Tool
  • Setting Up Hardware-Based Codes
  • Adding Users
  • Using Your YubiKey
• Backing Up and Restoring Servers
  • Minimizing Disk Use
  • Backing Up
  • Restoring from a Backup
  • Migrating Using a Backup
  • Additional Information
• Backing Up and Restoring Workstations
  • Backup the Workstations
  • Restoring a Workstation from a Backup
• Updating Tails USBs
  • Update via Graphical Installer
  • Update Manually
• Rebuilding an Admin Workstation USB
  • Step 1: Prepare the USB sticks
  • Step 2: (Optional) Boot the servers in single-user mode
  • Step 3: Set up Admin Workstation access
  • Step 4: Retrieve SecureDrop configuration info from the servers
  • Step 5: Configure and back up the Application Server
  • Step 6: Use the installer to complete the configuration
  • Step 7: Set up SSH-over Tor
  • Step 8: Post-rebuild tasks
• Troubleshooting Kernel Updates
  • Boot into Single User Mode
  • Test the New Kernel
  • Compare the Behavior of the Old Kernel
  • Roll Back to the Old Kernel
  • Report Compatibility Issues
  • Test and Enable an Updated Kernel
• Getting Support
  • Support Portal
  • Community Based Support
• BIOS Updates on the Servers
  • What you need
  • Perform Backups
  • Prepare the USB Stick
  • Download and Verify Appropriate BIOS Files
  • Update the BIOS
• Off-board Administrators and Journalists
  • Off-boarding checklist
  • Additional steps for off-boarding administrators
  • Rotate the Submission Key
  • Getting Support
• Decommission SecureDrop

Upgrade SecureDrop

• Upgrade from 2.0.2 to 2.1.0
  • Updating Servers to SecureDrop 2.1.0
  • Updating Workstations to SecureDrop 2.1.0
  • Updating Tails
  • Getting Support
• Upgrade from 2.0.1 to 2.0.2
  • Updating Servers to SecureDrop 2.0.2
  • Updating Workstations to SecureDrop 2.0.2
  • Updating Tails
  • Troubleshooting Kernel Issues
  • Getting Support
• Upgrade from 2.0.0 to 2.0.1
  • Updating Servers to SecureDrop 2.0.1
  • Updating Workstations to SecureDrop 2.0.1
  • Updating Tails
  • Getting Support

Developer Documentation

• Contributing to SecureDrop
  • Programmers
  • Technical Writers
  • UX Contributors
  • Release Managers
  • Translators
  • Forum Moderators and Support
• Setting Up the Development Environment
  • Overview
  • Quick Start
  • Setting Up a Multi-Machine Environment
• Making a PR to SecureDrop
  • Forking and Cloning the Project
  • Make Your Changes and Push to the Fork
  • Making a Pull Request to Get Your Changes Merged in develop Branch
• Development of Securedrop-Admin in the Admin Directory
• Development of SecureDropUpdater in the journalist_gui Directory
  • Installing the Dependencies in a Virtual Environment
  • To Update the UI Design
  • Using Resources in the UI
  • Adding and Running Test Cases
• Developing the SecureDrop Client Application
  • Developer Setup
  • How to Find Help
  • Client Architecture
  • Tests
  • Contributing
• Journalist Interface API
  • Versioning
  • Content Type
  • Authentication
  • Errors
  • Endpoints
  • Removed functionality
• Virtual Environments: Servers
  • Staging
  • Production
• Virtual Environments: Admin Workstation
  • Linux
• Virtual Environments: Using Qubes
  • Overview
  • Download Ubuntu server ISO
  • Create the base VM
  • Boot into installation media
  • Initial VM configuration
  • Clone VMs
  • SecureDrop Installation
  • Managing Qubes RPC for Admin API capability
  • Creating staging instance
  • Accessing the Journalist Interface (Staging) in Whonix-based VMs
• Upgrade Testing using Molecule
  • Upgrade testing using locally-built packages
  • Upgrade testing using apt-test.freedom.press
• Contributing Guidelines
  • Signing commits
  • Branching Strategy
  • Automated Testing
  • Code Style
  • Type Hints in Python code
  • Git History
  • Privileges
  • Other Tips
• Tips & Tricks
  • Using Tor Browser with the Development Environment
  • Upgrading or Adding Python Dependencies
  • Architecture Diagrams
• Database Migrations
  • Migration Files
  • Deployment
  • Developer Workflow
• Translations
  • Quick Start Guide
  • Background Information
  • How-to Guides
  • Glossary
• Internationalization (i18n)
  • i18n_tool.py
  • Development tasks
  • Release Management
  • Weblate administration
• Documentation Guidelines
  • Integration with Read the Docs
  • Updating Documentation
  • Testing Documentation Changes
  • Pushing to a contributor fork
  • Updating Screenshots
  • Style Guide
• Testing SecureDrop
• Testing: Application Tests
  • Installation
  • Running the Application Tests
  • Updating the Application Tests
• Testing: Configuration Tests
  • Installation
  • Running the Config Tests
  • Updating the Config Tests
  • Config Test Layout
  • Config Testing Strategy
• Testing: CI
  • Running the CI Staging Environment
• SecureDrop apt Repository
• Updating OSSEC Rules
  • Alerting Strategy
  • Using ossec-logtest
  • Writing Automated Tests for OSSEC Rules
• How to add a new OSSEC rule?
  • The decoder file
  • The rules
  • Verify the new OSSEC rule
  • Adding an automated test for staging
  • Deployment
• Generating AppArmor Profiles for Tor and Apache
• Portable SecureDrop Demo
  • Hardware
• Release Management
  • Pre-Release
  • Release Process
  • Post-Release
• Build container
• Who can update the build container?
• Updating the build container

Threat Model

• Threat Model
  • Actors
  • Assumptions
  • Assets
  • Implications of SecureDrop Area Compromise
• Data Flow Diagram
• Attacks and Countermeasures on the SecureDrop Environment
  • Application Code — SecureDrop Repository/Release
  • Application Code — Source Interface and Journalist Interface
  • Application Server and Monitor Server
  • SecureDrop Dependencies — Python, Tor, Linux Kernel, apt, Tails, Ubuntu, or Hardware Firewall Vulnerabilities
  • Network Infrastructure — FPF Infrastructure or Organization Corporate Network
  • User Behavior and Hardware — SecureDrop Hardware Tampering or Failure in Operational Security

Two versions of this documentation are available:

• latest - built from the develop branch of the SecureDrop repository, containing updates that have been tested but not yet released.
• stable - built from the stable branch of the SecureDrop repository, and up to date with the most recent release, 2.1.0.